In some sense, our security systems don’t really give us very much information

Recently, there was a mall shooting in which three people died about five miles from my home in Columbia, MD. My wife and I were to have been there getting her phone fixed in the exact part of the mall where the killings took place. But by some coincidental grace, other errands kept us busy and delayed our arrival by about an hour. I knew something was wrong when we were within three miles of the scene, as an army of speeding, wailing, flashing law enforcement vehicles of every jurisdiction were converging on the mall from all directions.

I thought back to my last article in this series (Security, December 2013), particularly to the discussion of how Big Data might make public venues safer than they are today. It’s a big job, even for organizations with deep pockets and lots of resources. How much more difficult is it for smaller organizations to make use of available information to better protect their employees and their assets? How much of this problem could be tackled in a way that allows data to be shared so that everyone can benefit? And if we could, what sort of data would be relevant?

If we want to provide the safest world we can for those who rely on us, it’s incumbent on our industry to start looking at what sorts of additional data can help us do that job.

How Much Data Do We Have, Really?

In some sense, our security systems don’t really give us very much information. I say that as someone who provides information systems for security applications, and who has watched a tremendous increase in the amount of data that we can collect about our property and the people who use it. So far, the wide adoption of IP technology over the past 10 years has been the single most important factor in amassing more and better data. More sensors, better sensors and a variety of video analytics have produced a flood of new data, but a lot of it is useful only after the fact. What we need is access to Big Data that is useful before the fact.

If you think about it, most of our public security data sets are missing precisely the information we’d like to have for a decent risk analysis; namely,

Who’s in my space?

What else is going on?

Is there a pattern I should know about?

We won’t likely get the answers to these sorts of questions from today’s electronic security systems, but this type of data is becoming available from outside our conventional perimeter protection paradigm. Big Data tools, cloud computing and mobile computing give us the power and the deployment model to make this type of preventive information available to organizations large and small.

Who’s In My Space?

“Who’s in my space” is an easy question to answer when you have complete control over all access points. This is essentially the model presented by conventional access control of a known and manageable population such as employees entering the workplace. Supplement this with visitor management and – we’d like to believe – we have a nearly complete picture of who’s inside our buildings at any time.

But what do we do when the population is not known, and is not under our management control? This problem scales from large public places like malls down to the small business environment where costs are tight and any new technology has to be as easy to use as a consumer-oriented app. It also means that we need to have ways of identifying people, or at least profiles of people, who may be entering uncontrollable physical spaces without the need for prior explicit authorization.

How Do We Find Out?

Today’s Internet of Things (IoT) phenomenon is expected to increase the number of devices connected to the Internet by several orders of magnitude. In one of many estimates of this explosive trend, Cisco predicts that by 2020, the number of connected devices will grow by more than 50 billion. Compare that to somewhat fewer than 1 billion connected devices today. Many of these devices that are collecting or producing information for one purpose will inadvertently produce data that has security value. Deriving security value from this avalanche of information is surely one of the biggest Big Data opportunities we have as an industry.

One of the technologies creating usable big security data today is the tracking of WiFi signals to monitor individuals or large groups of people via their cellphones. Applications to date have included tracking Londoners via WiFi-enabled trash cans, tracking shoppers in retail settings and even seeing through walls.

While the technology doesn’t necessarily identify individual persons by name (although we can to some extent when combined with metadata from other sources), it can provide information about the number of people in a space, whether the same person has been there before and whether certain people always show up together. If this data were syndicated across multiple organizations, it could also provide information about where a person had been immediately before they came into a physical space, and where they went after they left.

Consider the retail setting and think about how this new “external” data from WiFi collection systems could augment in-store security and loss prevention. For starters, correlating loss prevention data (e.g. time and date of occurrence) with WiFi tracking information could yield a connection between a particular cellphone showing up and consistently correlated shoplifting losses. Knowing that a likely shoplifter had just entered your small business could be tremendously valuable. And the quality of such information would be much better with more participation across a large area such as a city or a more confined setting such as a mall.

At this point in the evolution of Big Data tools and the emerging Internet of Things data streams, the technology for using this sort of external data source has become the easier part of the opportunity. The hard part is fostering the large-scale cooperation to make it happen.

Sharing Location-Specific Intelligence?

The flip side of Big Security Data collection is timely and targeted distribution. It’s no secret that with everyone carrying a mobile phone linked to innumerable news feeds, there are many ways, perhaps too many, of providing relevant security alerts and mass notifications. The problem is we are all inundated with information, and the brain tunes out a lot of it. But, what if there was a way that real-time information and analytics could provide information that is relevant to my specific context and location? Would I pay more attention to that? Could it make me safer?

Here again, the Internet of Things is complementing Big Data analytics with new location-specific intelligence that can be harnessed by the security enterprise. One of the best examples is the use of iBeacons to send push notifications to Bluetooth devices like cellphones that are in close proximity to the iBeacon itself.

By localizing the broadcast of security data to the affected footprint, we can provide much richer and more relevant directives to people who may be in harm’s way. I think of the people huddled in bathrooms and closets and under counters in my nearby mall, and wonder how much better informed they could have been about the progress of the police investigation and whether the danger had passed.

What’s in Social Networks?

It is evident that the security industry has not appreciated the value of social networks or applications in any significant way, short of self-promoting Tweets and Facebook posts. But social media has become a source of Big Data that is useful for both the collection and distribution of relevant security intelligence. Think of it as crowdsourcing part of the work that used to be done by security personnel.

The opportunities here fall into two main categories. The first I call “side effect” analytics that look at large-scale social networking data in real-time to derive information about possible threats or risks. An outstanding example of this opportunity is the use of Twitter data to forecast possible security incidents. A simple case, often reported, is derivation of possible “flash mob” events that often target small businesses or local public spaces and can have disastrous effects. A more sophisticated example is the work being done at the University of Twente in the Netherlands to apply mathematical models to social media feeds to predict potential but non-explicit security risks. Both represent the use of real-time Big Data feeds to benefit local security operations.

The second social network opportunity for security falls into a category generally known as gamification, which is defined as using “game thinking and game mechanics in non-game contexts to engage users in solving problems.” The best example of how this might work for security is the social driving application known as Waze. This application provides drivers with real-time data about driving conditions, obstacles, risks and road conditions by rewarding individual users’ reporting contributions with a system of points and badges (aka, gamification of data collection). The result is a highly accurate picture of the current traffic scenario. This same model, augmented with a predictive Big Data layer, could be exploited by security practitioners to collect and syndicate useful information across both large and small organizations.

Where to from Here?

One theme we all continue to hear in the security industry is how we’re such late adopters of IT technology. It’s true that with the historically installed, electronic, hardware-based technology model, we haven’t been able to jump on every new technology trend as quickly as the kids in Silicon Valley.

But Big Data, the Internet of Things and social networks are all out there, ready to use, and they have created for us an opportunity to eliminate that typical lag time.

Let’s use this opportunity before we read another headline that makes us wish we’d done so sooner.

Events

The tragedy of the United States domestic violence situation is impossible to quantify. There is both a sordid history and an on-going crisis; a crisis that has become normalized. Since 2000, approximately more than 20,000 women have been murdered by domestic partners, or "family terrorists".

Products

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

Consolidation and technological advances are changing the face of the guarding industry. How will this affect enterprise security leaders? Learn more about changes to the security officer services industry as well as the Top Guarding Firms Listing in the December 2016 edition. Also in this issue: a new financial focus on cybersecurity, what to do in your first three months as a new CSO, the ostrich style of security management, and more.